NEWS 3.23 KB
Newer Older
1 2 3 4 5 6
opendnssec (1:1.4.9-1) unstable; urgency=medium

  * OpenDNSSEC 1.4.8 has upgraded the KASP database version again.  This
    means that if you want to use this version or any after it with a
    database created earlier you will need to do one of 2 things...

Ondrej Sury's avatar
Ondrej Sury committed
7
    1) wipe and recreate your kasp database (run ods-ksmutil setup) which
8 9 10 11 12 13 14 15 16 17 18 19
      will lose all of your current state.

    Or if you need to keep your key information then,

    2) run the sql statements given in:

      /usr/share/opendnssec/migrate_1_4_8.{mysql,sqlite3}

      against your existing database.

 -- Ondřej Surý <ondrej@debian.org>  Wed, 24 Feb 2016 14:48:54 +0100

20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
opendnssec (1:1.4.3-1) experimental; urgency=low

  OpenDNSSEC 1.4 has some kasp database changes to allow for an update
  to the zonelist.xml schema.  This means that if you want to use this
  version or any after it with a database created earlier you will
  need to do one of 2 things...

  1) wipe and recreate your kasp database (run ods-ksmutl setup) which
     will lose all of your current state.
  
  If you need to keep your key information then,

  2) run the sql statements given in:

     /usr/share/opendnssec/migrate_adapters_1.mysql
  or
     /usr/share/opendnssec/migrate_adapters_1.sqlite3

  against your existing database.

  These changes allow flexibility in the input and output adapters.

 -- Ondřej Surý <ondrej@debian.org>  Tue, 17 Dec 2013 16:17:57 +0100

44 45 46 47 48 49 50 51 52
opendnssec (1.4.0~a1-2) unstable; urgency=low

  * Upstream has removed Zonefetcher and replaced it with Input and Output
    DNS Adapters.  You will need to change your config files:
   - zonefetch.xml has been removed and should be saved as zonefetch.xml.dpkg-bak
   - addns.xml has been added, you will need to add your zones here

 -- Ondřej Surý <ondrej@debian.org>  Mon, 16 Apr 2012 15:26:09 +0200

53 54 55 56 57 58
opendnssec (1.4.0~a1-1) unstable; urgency=low

  * OpenDNSSEC Auditor has been removed from the OpenDNSSEC 1.4.0.

 -- Ondřej Surý <ondrej@debian.org>  Fri, 06 Apr 2012 11:58:51 +0200

59 60 61 62 63 64 65 66 67 68 69 70 71 72
opendnssec (1.3.7-1) unstable; urgency=low

  * HSM SCA 6000 in combination with OpenCryptoki can return RSA
    key material with leading zeroes. DNSSEC does not allow
    leading zeroes in key data. You are affected by this bug if
    your DNSKEY RDATA e.g. begins with "BAABA". Normal keys begin
    with e.g. "AwEAA".  OpenDNSSEC will now sanitize incoming
    data before adding it to the DNSKEY. Do not upgrade to this
    version if you are affected by the bug.  You first need to go
    unsigned, then do the upgrade, and finally sign your zone
    again. SoftHSM and other HSM:s will not produce data with
    leading zeroes and the bug will thus not affect you.

 -- Ondřej Surý <ondrej@debian.org>  Tue, 13 Mar 2012 15:23:16 +0100
73 74 75 76 77 78 79 80 81 82 83 84

opendnssec (1.2.1.dfsg-1) unstable; urgency=low

  If you are migrating from 1.1.x release, you need to run migration
  scripts located in /usr/share/opendnssec/.  There is a script for
  sqlite called migrate_keyshare_sqlite3.pl and one for mysql called
  migrate_keyshare_mysql.pl.  It's recommended you backup your data-
  base before the migration, so it's not run automatically.  You can
  read more about migration in /usr/share/opendnssec-common/MIGRATION
  file.

 -- Ondřej Surý <ondrej@debian.org>  Sat, 19 Mar 2011 16:12:24 +0100